diff --git a/class/defaults.yml b/class/defaults.yml index acc62d3..9776a3b 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -2,7 +2,7 @@ parameters: vault: =_metadata: multi_instance: true - kubernetes_version: '1.18' + kubernetes_version: '1.24' images: vault: registry: docker.io @@ -15,7 +15,7 @@ parameters: charts: vault: source: https://helm.releases.hashicorp.com - version: 0.19.0 + version: 0.27.0 namespace: ${_instance} name: ${_instance} ingress: diff --git a/class/vault.yml b/class/vault.yml index 81a32ad..913eff4 100644 --- a/class/vault.yml +++ b/class/vault.yml @@ -24,7 +24,7 @@ parameters: helm_params: name: ${vault:name} namespace: ${vault:namespace} - api_versions: networking.k8s.io/v1beta1/Ingress + api_versions: networking.k8s.io/v1/Ingress kube_version: ${vault:kubernetes_version} - input_paths: - ${_base_directory}/component/unseal.jsonnet diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 7ac9084..f1d3dc8 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc @@ -23,10 +23,13 @@ The name of the deployed component. == `kubernetes_version` [horizontal] type:: string -default:: `1.18` +default:: `1.24` The Kubernetes version of the cluster the component is deployed to. -This is relevant for the `Ingress` API version. +This parameter is passed to Helm when rendering the Helm chart. +The default chart version used by the component requires Kubernetes 1.20 or newer. + +We recommend setting this parameter based on the cluster's `kubernetesVersion` dynamic fact. == `images` diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-clusterrolebinding.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-clusterrolebinding.yaml index 3c49115..1e3840c 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-clusterrolebinding.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-clusterrolebinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 name: foobar-server-binding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-config-configmap.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-config-configmap.yaml index d0ce231..31e85b2 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-config-configmap.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-config-configmap.yaml @@ -32,6 +32,6 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 name: foobar-config namespace: vault diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-role.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-role.yaml index 2092c2d..e868f75 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-role.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-role.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 name: foobar-discovery-role namespace: vault rules: diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-rolebinding.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-rolebinding.yaml index e28271c..91e9602 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-rolebinding.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-discovery-rolebinding.yaml @@ -5,7 +5,7 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 name: foobar-discovery-rolebinding namespace: vault roleRef: diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-disruptionbudget.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-disruptionbudget.yaml index 7e0322a..fc8e98f 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-disruptionbudget.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-disruptionbudget.yaml @@ -1,11 +1,11 @@ -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: labels: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 name: foobar namespace: vault spec: diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-active-service.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-active-service.yaml index 70eb7fe..b3b3e95 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-active-service.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-active-service.yaml @@ -6,7 +6,8 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 + vault-active: 'true' name: foobar-active namespace: vault spec: diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-standby-service.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-standby-service.yaml index 5a64636..e370bf6 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-standby-service.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ha-standby-service.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 name: foobar-standby namespace: vault spec: diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-headless-service.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-headless-service.yaml index 258d8e9..2454e47 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-headless-service.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-headless-service.yaml @@ -6,7 +6,8 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 + vault-internal: 'true' name: foobar-internal namespace: vault spec: diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ingress.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ingress.yaml index 9ec0f09..9014194 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ingress.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-ingress.yaml @@ -1,4 +1,4 @@ -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 name: foobar namespace: vault spec: @@ -17,9 +17,12 @@ spec: http: paths: - backend: - serviceName: foobar-active - servicePort: 8200 + service: + name: foobar-active + port: + number: 8200 path: / + pathType: Prefix tls: - hosts: - vault.todo.tld diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-service.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-service.yaml index 08725ef..bc00fcb 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-service.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-service.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 name: foobar namespace: vault spec: diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-serviceaccount.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-serviceaccount.yaml index 3273e1e..0eff41b 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-serviceaccount.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-serviceaccount.yaml @@ -5,6 +5,6 @@ metadata: app.kubernetes.io/instance: foobar app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: vault - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 name: foobar namespace: vault diff --git a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-statefulset.yaml b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-statefulset.yaml index 980b08d..1af4687 100644 --- a/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-statefulset.yaml +++ b/tests/golden/defaults/vault/vault/10_vault/vault/templates/server-statefulset.yaml @@ -22,7 +22,7 @@ spec: app.kubernetes.io/instance: foobar app.kubernetes.io/name: vault component: server - helm.sh/chart: vault-0.19.0 + helm.sh/chart: vault-0.27.0 spec: affinity: podAntiAffinity: @@ -151,6 +151,7 @@ spec: limits: cpu: 100m memory: 64Mi + hostNetwork: false securityContext: fsGroup: 1000 runAsGroup: 1000